Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Cross-site Scripting vulnerabilities in an interactive lesson.
Start learningUpgrade dolibarr/dolibarr
to version 19.0.2 or higher.
dolibarr/dolibarr is a modern and easy to use web software to manage your business.
Affected versions of this package are vulnerable to Cross-site Scripting through the facid
parameter. An attacker can execute arbitrary scripts in the context of the interface or access sensitive user information by injecting malicious HTML or JavaScript code.
https://<url>/compta/paiement/card.php?action=valide&facid=12345--><marquee behavior=alternate loop=2 onbounce=alert(document.location)>XSS</marquee><!--